July 24, 2013 at 2:04 am
Hi
I would like to know that, Is that possible to create SQL Login with blank password in SQL Server...
Please advise !!!
July 24, 2013 at 2:51 am
Yes, it's possible. But is is a real security risk and never -ever- recommended. Are you really sure you can not define a password?
This is how you do it:
1.) In the GUI don't enter a password and clear the checkbox "enforce password policy".
or
2.) With T-SQL: CREATE LOGIN [login_name] WITH PASSWORD=N'', DEFAULT_DATABASE=[database_name], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
July 24, 2013 at 7:49 am
Thanks all you guys for responding,but I believe in the older version of SQL Server (200 and below) can only possible.... am i correct ? and for SQL 2005 onwards this has been changed and will not allow to have blank password. Please correct me if any information on this...
Great Persons ...Good Involvement
July 24, 2013 at 8:04 am
mohan.bndr (7/24/2013)
Thanks all you guys for responding,but I believe in the older version of SQL Server (200 and below) can only possible.... am i correct ? and for SQL 2005 onwards this has been changed and will not allow to have blank password. Please correct me if any information on this...Great Persons ...Good Involvement
Did you try it? The code posted will generate a login with a blank password.
_______________________________________________________________
Need help? Help us help you.
Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.
Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.
Cross Tabs and Pivots, Part 1 – Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
July 25, 2013 at 12:44 pm
mohan.bndr (7/24/2013)
Thanks all you guys for responding,but I believe in the older version of SQL Server (200 and below) can only possible.... am i correct ? and for SQL 2005 onwards this has been changed and will not allow to have blank password. Please correct me if any information on this...
Yes, it is technically possible to have a SQL Server account with blank password, I saw this the other day on a SQL Server 2008 R2 instance. Perhaps it was an artifact left over from a 2000 -> 2005/2008 migration, but it was there.
For identifying weak SQL Server accounts, I use the following:
-- There are several frequently used password lists posted on the web.
-- Here are a few, but perhaps 100 or more could be inserted here.
declare @PW table (pwtext varchar(180) not null primary key);
insert into @PW (pwtext)
values ('password'), ('123456'), ('12345678'), ('1234'), ('qwerty'), ('12345');
select name, type_desc, create_date, modify_date, password_hash
from sys.sql_logins l
join @PW pw on pwdcompare(pw.pwtext, l.password_hash) = 1;
-- Query accounts with empty password:
select name, type_desc, create_date, modify_date, password_hash
from sys.sql_logins
where pwdcompare('', password_hash) = 1;
-- Query accounts where password = account name:
select name, type_desc, create_date, modify_date, password_hash
from sys.sql_logins
where pwdcompare(name, password_hash) = 1;
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply